WordPress.org

Ready to get started?Download WordPress

Forums

My themes was hacked! (4 posts)

  1. sohmc
    Member
    Posted 5 years ago #

    Hello all!

    Sometime yesterday, my site was hacked. Upon further investigation, it looks like someone uploaded a new index.php for my theme.

    Is there a vulnerability somewhere that needs to be patched? I don't know enough about how WP works to know for sure.

    If you need me to post a zip of my compromised theme directory, let me know.

  2. Doodlebee
    Member
    Posted 5 years ago #

    Were your file permissions set at 644, folders at 755? Have you contacted the host to see if the compromise definitely came from your site, or someone else's (if you're on a shared server)? Do you have passwords that are based on dictionary words? There's all kinds of things that could be the cause.

    You might take a look at this.

  3. sohmc
    Member
    Posted 5 years ago #

    File was 644, folders 755. I'm a shared host and not the only one effected. The only commonality between us is that we use WP.

    My passwords are random and at least 16 characters. I always use SSL/SSH to update my site.

    I'm going to hash through the code this weekend to see if I can find anything.

  4. Doodlebee
    Member
    Posted 5 years ago #

    Yes, *your* passwords were random and 16 chars, and *your* files and folders were set correctly - but how about everyone else on the server?

    If someone else on the server is compromised, it can easily create a "back door" to affect others on the same server. You should contact your host about this.

Topic Closed

This topic has been closed to new replies.

About this Topic